Title :
Computer Forensics Research and Implementation Based on NTFS File System
Author :
Naiqi, Liu ; Zhongshan, Wang ; Yujie, Hao ; QinKe
Author_Institution :
Sch. of Comput. Sci. & Eng., Univ. of Electron. Sci. & Technol. of China, Chengdu
Abstract :
Based on NTFS file system, this paper proposed an algorithm of reconstructing directory tree above deleted files. Further more, by analyzing the internal structure of the NTFS file system in detailed, the storage principle of Data Runs in attribute 80 of MFT is clarified. Author analyzed some exceptions occurred during deleting files and compared the self-researched data recovery software named SmoothRecovery with the EasyRecovery appeared in the market. The result shows SmoothRecovery is more excellent than EasyRecovery on the efficiency of implementation.
Keywords :
computer crime; storage management; system recovery; Data Runs; EasyRecovery software; NTFS file system; SmoothRecovery software; computer forensics; deleted file; directory tree; self-researched data recovery software; Communication system control; Computer networks; Computer science; Consumer electronics; Control systems; Engineering management; File systems; Forensics; Image reconstruction; Technology management; Data Runs; computer forensics; data recovery; directory tree reconstruction;
Conference_Titel :
Computing, Communication, Control, and Management, 2008. CCCM '08. ISECS International Colloquium on
Conference_Location :
Guangzhou
Print_ISBN :
978-0-7695-3290-5
DOI :
10.1109/CCCM.2008.236
